Use namespace in login form
This commit is contained in:
Jakub Vrana
parent
6591d485e9
commit
f595f9313e
|
|
@ -63,19 +63,19 @@ class Adminer {
|
|||
global $drivers;
|
||||
?>
|
||||
<table cellspacing="0">
|
||||
<tr><th><?php echo lang('System'); ?><td><?php echo html_select("driver", $drivers, DRIVER, "loginDriver(this);"); ?>
|
||||
<tr><th><?php echo lang('Server'); ?><td><input name="server" value="<?php echo h(SERVER); ?>" title="hostname[:port]">
|
||||
<tr><th><?php echo lang('Username'); ?><td><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
|
||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
|
||||
<tr><th><?php echo lang('System'); ?><td><?php echo html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);"); ?>
|
||||
<tr><th><?php echo lang('Server'); ?><td><input name="auth[server]" value="<?php echo h(SERVER); ?>" title="hostname[:port]">
|
||||
<tr><th><?php echo lang('Username'); ?><td><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
|
||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
|
||||
</table>
|
||||
<script type="text/javascript">
|
||||
var username = document.getElementById('username');
|
||||
username.focus();
|
||||
username.form['driver'].onchange();
|
||||
username.form['auth[driver]'].onchange();
|
||||
</script>
|
||||
<?php
|
||||
echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
|
||||
echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
||||
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
||||
}
|
||||
|
||||
/** Authorize the user
|
||||
|
|
|
|||
|
|
@ -14,21 +14,22 @@ if ($_COOKIE["adminer_permanent"]) {
|
|||
}
|
||||
}
|
||||
|
||||
if (isset($_POST["server"])) {
|
||||
$auth = $_POST["auth"];
|
||||
if ($auth) {
|
||||
session_regenerate_id(); // defense against session fixation
|
||||
$_SESSION["pwds"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
|
||||
if ($_POST["permanent"]) {
|
||||
$key = base64_encode($_POST["driver"]) . "-" . base64_encode($_POST["server"]) . "-" . base64_encode($_POST["username"]);
|
||||
$_SESSION["pwds"][$auth["driver"]][$auth["server"]][$auth["username"]] = $auth["password"];
|
||||
if ($auth["permanent"]) {
|
||||
$key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]);
|
||||
$private = $adminer->permanentLogin();
|
||||
$permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($_POST["password"], $private) : "");
|
||||
$permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($auth["password"], $private) : "");
|
||||
cookie("adminer_permanent", implode(" ", $permanent));
|
||||
}
|
||||
if (count($_POST) == ($_POST["permanent"] ? 5 : 4) // 4 - driver, server, username, password
|
||||
|| DRIVER != $_POST["driver"]
|
||||
|| SERVER != $_POST["server"]
|
||||
|| $_GET["username"] !== $_POST["username"] // "0" == "00"
|
||||
if (count($_POST) == 1 // 1 - auth
|
||||
|| DRIVER != $auth["driver"]
|
||||
|| SERVER != $auth["server"]
|
||||
|| $_GET["username"] !== $auth["username"] // "0" == "00"
|
||||
) {
|
||||
redirect(auth_url($_POST["driver"], $_POST["server"], $_POST["username"]));
|
||||
redirect(auth_url($auth["driver"], $auth["server"], $auth["username"]));
|
||||
}
|
||||
} elseif ($_POST["logout"]) {
|
||||
if ($token && $_POST["token"] != $token) {
|
||||
|
|
@ -77,7 +78,7 @@ function auth_error($exception = null) {
|
|||
echo "<form action='' method='post' onclick='eventStop(event);'>\n";
|
||||
$adminer->loginForm();
|
||||
echo "<div>";
|
||||
hidden_fields($_POST, array("driver", "server", "username", "password", "permanent")); // expired session
|
||||
hidden_fields($_POST, array("auth")); // expired session
|
||||
echo "</div>\n";
|
||||
echo "</form>\n";
|
||||
page_footer("auth");
|
||||
|
|
@ -98,7 +99,7 @@ if (is_string($connection) || !$adminer->login($_GET["username"], get_session("p
|
|||
}
|
||||
|
||||
$token = $_SESSION["token"]; ///< @var string CSRF protection
|
||||
if (isset($_POST["server"]) && $_POST["token"]) {
|
||||
if ($auth && $_POST["token"]) {
|
||||
$_POST["token"] = $token; // reset token after explicit login
|
||||
}
|
||||
$error = ($_POST ///< @var string
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ PostgreSQL: approximate row count in table overview
|
|||
PostgreSQL: improve PDO support in SQL command
|
||||
Oracle: schema, processlist, table overview numbers
|
||||
Simplify work with NULL values (customization)
|
||||
Use namespace in login form (customization)
|
||||
Replace JSMin by better JavaScript minifier
|
||||
Don't use AJAX links and forms
|
||||
Ukrainian translation
|
||||
|
|
|
|||
|
|
@ -41,15 +41,15 @@ class Adminer {
|
|||
function loginForm() {
|
||||
?>
|
||||
<table cellspacing="0">
|
||||
<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="driver" value="server"><input type="hidden" name="server" value=""><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
|
||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
|
||||
<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="auth[driver]" value="server"><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
|
||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
|
||||
</table>
|
||||
<script type="text/javascript">
|
||||
document.getElementById('username').focus();
|
||||
</script>
|
||||
<?php
|
||||
echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
|
||||
echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
||||
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
||||
}
|
||||
|
||||
function login($login, $password) {
|
||||
|
|
|
|||
|
|
@ -37,13 +37,13 @@ class AdminerLoginServers {
|
|||
function loginForm() {
|
||||
?>
|
||||
<table cellspacing="0">
|
||||
<tr><th><?php echo lang('Server'); ?><td><input type="hidden" name="driver" value="<?php echo $this->driver; ?>"><select name="server"><?php echo optionlist($this->servers, SERVER); ?></select>
|
||||
<tr><th><?php echo lang('Username'); ?><td><input id="username" name="username" value="<?php echo h($_GET["username"]); ?>">
|
||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
|
||||
<tr><th><?php echo lang('Server'); ?><td><input type="hidden" name="auth[driver]" value="<?php echo $this->driver; ?>"><select name="auth[server]"><?php echo optionlist($this->servers, SERVER); ?></select>
|
||||
<tr><th><?php echo lang('Username'); ?><td><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
|
||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
|
||||
</table>
|
||||
<p><input type="submit" value="<?php echo lang('Login'); ?>">
|
||||
<?php
|
||||
echo checkbox("permanent", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
||||
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,8 +18,8 @@ class AdminerPasswordSha1 {
|
|||
$this->login = $login;
|
||||
$this->passwordSha1 = $passwordSha1;
|
||||
$this->credentials = $credentials;
|
||||
if (isset($_POST["password"])) {
|
||||
$_POST["password"] = sha1($_POST["password"]);
|
||||
if (isset($_POST["auth"])) {
|
||||
$_POST["auth"]["password"] = sha1($_POST["auth"]["password"]);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -32,7 +32,7 @@ class AdminerPasswordSha1 {
|
|||
}
|
||||
|
||||
function permanentLogin() {
|
||||
//! should save original $_POST["password"] and hash after load
|
||||
//! should save original $_POST["auth"]["password"] and hash after load
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue